AMENDMENTS TO THE CLAIMS:

This listing of claims will replace all prior versions and listings of claims in the 
application: 

1. (Currently Amended) A method for addressing packets in a firewall cluster
within a single network, the firewall cluster including a plurality of firewall nodes
comprising one or more processing units, the method comprising:

selecting, from the firewall cluster within the single network, [[one of the]] a
first firewall [[nodes]] node for processing a first packet;

receiving, at a first [[processor]] processing unit associated with the [[selected]]
first firewall node, the first packet;

modifying, by the first [[processor]] processing unit, as a function of a
multidimensional space for representing addresses processed by a set of [[data
processors]] processing units, a first address for the first packet into a second address for
the first packet, the second address being within a range of addresses assigned only to
the first firewall node; and

selecting, from the firewall cluster within the single network, a second
firewall node for processing a second packet;

receiving, at a second processing unit associated with the second firewall
node, the second packet;

modifying, by the second processing unit, as a function of a
multidimensional space for representing addresses processed by a set of processing
units, a first address for the second packet into a second address for the second packet,
the second address being within a range of addresses assigned only to the second
firewall node, such that the second address of the second packet does not conflict with
the second address of the first packet;

forwarding the first packet based on the second address of the first packet; and

forwarding the second packet based on the second address of the second packet.

2. (Original) The method of claim 1, further comprising: 
using an N-tuple space as the multidimensional space. 

3. (Currently Amended) The method of claim 2, further comprising:
assigning to the first [[processor]] processing unit a first region based on the
N-tuple space.

4. (Currently Amended) The method of claim 3, further comprising:
using the first address of the first packet such that the first address
represents a point within the first region.

5. (Original) The method of claim 4, further comprising: 

using N address values as the N-tuple, such that the N address values 
represent the point. 

6. (Original) The method of claim 2, further comprising: 

using the N-tuple space, such that N is equal to a value of at least two.

7. (Currently Amended) The method of claim 3, further comprising:
assigning to a second [[processor]] processing unit a second region based
on the N-tuple space, such that the first region is separate from the second region.

8. (Cancelled). 

9. (Cancelled). 

10. (Currently Amended) A method for addressing packets associated with a
plurality of [[processors]] processing units, each [[processor]] processing unit being
associated with one of a plurality of firewall nodes in a firewall cluster within a single
network, the method comprising:

selecting, from the firewall cluster within the single network, one of the
firewall nodes for processing a packet, the selected firewall node including a first
[[processor]] processing unit;

receiving, at the first [[processor]] processing unit, the packet;

reading, at the first [[processor]] processing unit, an N-tuple address of the
received packet;

determining, by the first [[processor]] processing unit, whether the N-tuple
address is within an N-tuple space assigned to the first [[processor]] processing unit,
wherein the N-tuple space assigned to each of the plurality of processing units is
different;

sending the packet with the N-tuple address, when it is determined that
the N-tuple address is within the N-tuple space assigned to the first [[processor]]
processing unit; and

determining [[a modified N-tuple address]], when [[it is determined that]] the
N-tuple address is not within the N-tuple space assigned to the first [[processor]]
processing unit, a modified N-tuple address based on the N-tuple space assigned to the
first processing unit, such that the modified N-tuple address does not conflict with
addresses assigned by any of the other plurality of processing units; and

sending the packet based on the modified N-tuple address.

11. (Original) The method of claim 10, wherein the reading step further
comprises:

reading as the N-tuple address, a plurality of values from the received
packet.

12. (Original) The method of claim 11, wherein the reading step further
comprises:

reading at least a source port.

13. (Currently Amended) The method of claim 10, wherein the step of
determining whether the N-tuple address is within the N-tuple space, further comprises:

determining whether the N-tuple address is within the N-tuple space
based on a comparison between the N-tuple address of the packet and the N-tuple
space assigned to the first [[processor]] processing unit.

14. (Currently Amended) The method of claim 10, wherein the step of
determining whether the N-tuple address is within the N-tuple space, further comprises:

determining whether the N-tuple address of the packet is within the
N-tuple space based a quadrant identifier value, wherein the quadrant identifier value
corresponds to the first [[processor]] processing unit.

15. (Original) The method of claim 14, wherein the step of determining 
whether the N-tuple address of the packet is within the N-tuple space, further 
comprises: 

determining the quadrant identifier value based on a hash function. 

16. (Original) The method of claim 14, wherein the step of determining 
whether the N-tuple address of the packet is within the N-tuple space, further 
comprises: 

determining the quadrant identifier value based on a hash function and a 
modulo division. 

17. (Currently Amended) The method of claim 10, wherein the step of
determining the modified N-tuple further comprises:

adding a value to the N-tuple address, such that the modified N-tuple
address is within the N-tuple space assigned to the first [[processor]] processing unit.

18. (Original) The method of claim 14, wherein the step of determining the
modified N-tuple address further comprises:

modifying the N-tuple address based on the quadrant identifier value.

19. (Cancelled)

20. (Cancelled).

21. (Currently Amended) The method of claim 10, further comprising:
using a computer as the first [[processor]] processing unit.

22. (Currently Amended) The method of claim 10, further comprising:
using a router as the first [[processor]] processing unit.

23. (Cancelled). 



24. (Currently Amended) A method of addressing packets in a firewall cluster
within a single network, wherein the firewall cluster comprises a set of [[processors]]
processing units, each [[processor]] processing unit being associated with a firewall node,
the method comprising:

selecting, from the firewall cluster within the single network, one of the
firewall nodes for processing a packet, the selected firewall node including a first
[[processor]] processing unit;

receiving, at the first [[processor]] processing unit, the packet;

reading, at the first [[processor]] processing unit, an N-tuple address of the
received packet;

determining a quadrant identifier based on the read N-tuple address, a
hash function, and modulo division;

determining whether the read N-tuple address corresponds to the first
[[processor]] processing unit based on the quadrant identifier;

sending the packet with the N-tuple address, when the quadrant identifier
corresponds to the first [[processor]] processing unit; and

determining [[a modified N-tuple address]], when the quadrant identifier does
not correspond to the first [[processor]] processing unit, a modified N-tuple address that
corresponds to the first processing unit, such that the modified N-tuple address does not
conflict with addresses assigned by any of the other processing units; and

sending the packet based on the modified N-tuple address.

25. (Currently Amended) The method of claim 24, further comprising:
assigning each of the set of [[processors]] processing units a firewall node
number.

26. (Currently Amended) The method of claim 25, further comprising:
determining whether the N-tuple address corresponds to the first
[[processor]] processing unit based on the quadrant identifier and the firewall node
number.

27. (Currently Amended) A system for addressing packets in a firewall cluster
within a single network, the firewall cluster including a plurality of firewall nodes, the
system comprising:

means for selecting, from the firewall cluster within the single network, [[one
of the]] a first firewall [[nodes]] node for processing a first packet;

means for receiving, at a first [[processor]] processing unit associated with
the [[selected]] first firewall node, the first packet;

means for modifying, as a function of a multidimensional space for
representing addresses processed by a set of [[data processors]] processing units, a first
address for the first packet into a second address for the first packet, the second
address being within a range of addresses assigned only to the first firewall node; and

means for selecting, from the firewall cluster within the single network, a
second firewall node for processing a second packet;

means for receiving, at a second processing unit associated with the
second firewall node, the second packet;

means for modifying, as a function of a multidimensional space for
representing addresses processed by a set of processing units, a first address for the
second packet into a second address for the second packet, the second address being
within a range of addresses assigned only to the second firewall node, such that the
second address of the second packet does not conflict with the second address of the
first packet;

means for forwarding the first packet based on the second address of the
first packet; and

means for forwarding the second packet based on the second address of
the second packet.

28. (Currently Amended) A system for addressing packets associated with
one or more [[processors]] processing units, each [[processor]] processing unit being
associated with a firewall node in a firewall cluster within a single network, the system
comprising:

means for selecting, from the firewall cluster within the single network, one
of the firewall nodes for processing a packet, the selected firewall node including a first
[[processor]] processing unit;

means for receiving, at the first [[processor]] processing unit, the packet;

means for reading, at the first [[processor]] processing unit, an N-tuple
address of the received packet;

means for determining whether the N-tuple address is within an N-tuple
space assigned to the first [[processor]] processing unit, wherein the N-tuple space
assigned to each of the processing units is different;

means for sending the packet with the N-tuple address, when it is
determined that the N-tuple address is within the N-tuple space assigned to the first
[[processor]] processing unit; and

means for determining [[a modified N-tuple address]], when [[it is determined
that]] the N-tuple address is not within the N-tuple space assigned to the first [[processor]]
processing unit, a modified N-tuple address based on the N-tuple space assigned to the
first processing unit such that the modified N-tuple address does not conflict with
addresses assigned by any of the other processing units;

and sending the packet based on the modified N-tuple address.

29. (Currently Amended) A firewall cluster within a single network including
[[one or more]] firewall nodes associated with [[one or more processors]] processing units,
comprising:

means for selecting, from the firewall cluster within the single network,
one of the firewall nodes for processing a packet, the selected firewall node including a
first [[processor]] processing unit;

means for receiving, at the first [[processor]] processing unit the packet;

means for reading, at the first [[processor]] processing unit, an N-tuple
address of the received packet;

means for determining a quadrant identifier based on the read N-tuple
address, a hash function, and modulo division;

means for determining whether the read N-tuple address corresponds to
the first [[processor]] processing unit based on the quadrant identifier;

means for sending the packet with the N-tuple address, when the
quadrant identifier corresponds to the first [[processor]] processing unit; and

means for determining [[a modified N-tuple address]], when the quadrant
identifier does not correspond to the first [[processor]] processing unit, a modified N-tuple
address that corresponds to the first processing unit, such that the modified N-tuple
address does not conflict with addresses assigned by any of the other processing units;

and sending the packet based on the modified N-tuple address.

30. (Currently Amended) A system including a firewall cluster within a single
network including a plurality of firewall nodes, the firewall nodes being associated with
one or more [[processors]] processing units, said system comprising:
at least one memory comprising:

code that selects, from the firewall cluster within the single network,
[[one of the]] a first firewall [[nodes]] node for processing a first packet, the [[selected]]
first firewall node including a first [[processor]] processing unit;

code that receives, at the first [[processor]] processing unit, the first
packet;

code that modifies, as a function of a multidimensional space for
representing addresses processed by a set of [[data processors]] processing units,
a first address for the first packet into a second address for the first packet, the
second address being within a range of addresses assigned only to the [[selected]]
first firewall node; and

code that selects, from the firewall cluster within the single network,
a second firewall node for processing a second packet, the second firewall node
including a second processing unit;

code that receives, at the second processing unit, the second
packet;

code that modifies as a function of a multidimensional space for
representing addresses processed by a set of processing units, a first address
for the second packet into a second address for the second packet, the second
address being within a range of addresses assigned only to the second firewall
node, such that the second address of the second packet does not conflict with
the second address of the first packet;

code that forwards the first packet based on the second address of
the first packet; and

code that forwards the second packet based on the second
address of the second packet; and

at least one [[processor]] processing unit for executing the code.

31. (Currently Amended) A system including a firewall cluster within a single
network including a plurality of firewall nodes, the firewall nodes being associated with
[[one or more processors]] processing units, the system comprising:
at least one memory comprising:

code that selects, from the firewall cluster within the single network,
one of the firewall nodes for processing a packet, the selected firewall node
including a first [[processor]] processing unit;

code that receives, at the first [[processor]] processing unit, the
packet;

code that reads, at the first [[processor]] processing unit, an N-tuple
address of the received packet;

code that determines whether the N-tuple address is within an
N-tuple space assigned to the first [[processor]] processing unit, wherein the
N-tuple space assigned to each of the processing units is different;



Application No.: 10/712,396 
Attorney Docket No.: 08971.0005-00 



code that sends the packet with the N-tuple address, when it is
determined that the N-tuple address is within the N-tuple space assigned to the
first [[processor]] processing unit; and

code that determines [[a modified N-tuple address]], when [[it is
determined that]] the N-tuple address is not within the N-tuple space assigned to
the first [[processor]] processing unit, a modified N-tuple address based on the
N-tuple space assigned to the first processing unit, such that the modified N-tuple
address does not conflict with addresses assigned by any of the other processing
units;

and sending the packet based on the modified N-tuple address;
and

at least one [[processor]] processing unit for executing the code.

32. (Original) The system of claim 31, wherein code that reads further
comprises: 

code that reads as the N-tuple address, a plurality of values from the 
received packet. 

33. (Original) The system of claim 32, wherein code that reads the plurality of 
values further comprises: 

code that reads at least a source port. 

34. (Currently Amended) The system of claim 31, wherein code that
determines whether the N-tuple address is within the N-tuple space, further comprises:

code that determines whether the N-tuple address is within the N-tuple
space based a comparison between the N-tuple address of the packet and the N-tuple
space assigned to the first [[processor]] processing unit.

35. (Currently Amended) The system of claim 31, wherein code that
determines whether the N-tuple address is within the N-tuple space, further comprises:

code that determines whether the N-tuple address of the packet is within
the N-tuple space based a quadrant identifier value, wherein the quadrant identifier
corresponds to the first [[processor]] processing unit.

36. (Original) The system of claim 35 wherein code that determines whether
the N-tuple address of the packet is within the N-tuple space, further comprises:

code that determines the quadrant identifier value based on a hash
function.

37. (Currently Amended) A firewall cluster including a plurality of firewall
nodes within a single network, the firewall nodes being associated with [[one or more
processors]] processing units, the firewall cluster comprising:

at least one memory comprising

code that selects, from the firewall cluster within the single network,
one of the firewall nodes for processing a packet, the selected firewall node
including a first [[processor]] processing unit;

code that receives, at the first [[processor]] processing unit, the
packet;

code that reads, at the first [[processor]] processing unit, an N-tuple
address of the received packet;

code that determines a quadrant identifier based on the read
N-tuple address, a hash function, and modulo division;

code that determines whether the read N-tuple address
corresponds to the first [[processor]] processing unit based on the quadrant
identifier;

code that sends the packet with the N-tuple address, when the
quadrant identifier corresponds to the first [[processor]] processing unit; and

code that determines [[a modified N-tuple address]], when the
quadrant identifier does not corresponds to the first [[processor]] processing unit a
modified N-tuple address that corresponds to the first processing unit, such that
the modified N-tuple address does not conflict with addresses assigned by any of
the other processing units; and

code that sends the packet based on the modified N-tuple address;
and

at least one [[processor]] processing unit for executing the code.

38. (Currently Amended) A computer-readable storage medium comprising
instructions which, when executed by a [[processor]] processing unit, perform a method for
addressing packets in a firewall cluster within a single network, the firewall cluster
including a plurality of firewall nodes, the method including:

selecting [[one]], from the firewall cluster within the single network, one of the
firewall nodes for processing a packet, the selected firewall node being associated with
a first [[processor]] processing unit;

receiving, at the first [[processor]] processing unit, the packet;

reading, at the first [[processor]] processing unit, an N-tuple address of the
received packet;

determining whether the N-tuple address is within an N-tuple space
assigned to the first [[processor]] processing unit, wherein the N-tuple space assigned to
each of the processing units is different;

sending the packet with the N-tuple address, when it is determined that
the N-tuple address is within the N-tuple space assigned to the first [[processor]]
processing unit; and

determining [[a modified N-tuple address]], when it is determined that the
N-tuple address is not within the N-tuple space assigned to the first [[processor]]
processing unit, a modified N-tuple address based on the N-tuple space assigned to the
first processing unit, such that the modified N-tuple address does not conflict with
addresses assigned by any of the other processing units; and

sending the packet based on the modified N-tuple address.

39. (Currently Amended) The computer-readable storage medium of claim
38, wherein reading further comprises:

reading as the N-tuple address, a plurality of values from the received
packet.




40. (Previously Presented) The computer-readable storage medium of claim 
39, wherein reading the plurality of values further comprises: 

reading at least a source port. 

41. (Currently Amended) The computer-readable storage medium of claim
39, wherein determining whether the N-tuple address is within the N-tuple space, further
comprises:

determining whether the N-tuple address is within the N-tuple space
based a comparison between the N-tuple address of the packet and the N-tuple space
assigned to the first [[processor]] processing unit.

42. (Currently Amended) The computer-readable storage medium of claim
39, wherein determining whether the N-tuple address is within the N-tuple space, further
comprises:

determining whether the N-tuple address of the packet is within the
N-tuple space based a quadrant identifier value, wherein the quadrant identifier value
corresponds to the first [[processor]] processing unit.

43. (Previously Presented) The computer-readable storage medium of claim 
42, wherein determining whether the N-tuple address of the packet is within the N-tuple 
space, further comprises: 

determining the quadrant identifier value based on a hash function.

44. (Currently Amended) A computer-readable storage medium comprising
instructions which, when executed by a [[processor]] processing unit, perform a method for
addressing packets in a firewall cluster within a single network, the firewall cluster
including a plurality of firewall nodes, the method including:

selecting, from the firewall cluster within the single network, one of the
firewall nodes for processing a packet, the selected firewall node including a first
[[processor]] processing unit;

receiving, at the first [[processor]] processing unit, the packet;

reading, at the first [[processor]] processing unit, an N-tuple address of the
received packet;

determining a quadrant identifier based on the read N-tuple address, a
hash function, and modulo division;

determining whether the read N-tuple address corresponds to the first
[[processor]] processing unit based on the quadrant identifier;

sending the packet with the N-tuple address, when the quadrant identifier
corresponds to the first [[processor]] processing unit; and

determining [[a modified N-tuple address]], when the quadrant identifier does
not corresponds to the first [[processor]] processing unit, a modified N-tuple address that
corresponds to the first processing unit, such that the modified N-tuple address does not
conflict with addresses assigned by any of the other processing units;

and sending the packet based on the modified N-tuple address.

45. (Currently Amended) A computer-readable storage medium comprising
instructions which, when executed by a [[processor]] processing unit, perform a method for
addressing packets in a firewall cluster within a single network, the firewall cluster
including a plurality of firewall nodes comprising one or more processing units, the
method including:

selecting, from the firewall cluster within the single network, one of the
firewall nodes within the single network for processing a first packet, the selected
firewall node being associated with a first [[processor]] processing unit;

receiving, at the first [[processor]] processing unit, the first packet;

modifying, as a function of a multidimensional space for representing
addresses processed by a set of [[data processors]] processing units, a first address for
the first packet into a second address for the first packet, the second address being
within a range of addresses assigned only to the selected firewall node; and

selecting, from the firewall cluster within the single network, a second
firewall node for processing a second packet;

receiving, at a second processing unit associated with the second firewall
node, the second packet;

modifying, by the second processing unit, as a function of a
multidimensional space for representing addresses processed by a set of processing
units, a first address for the second packet into a second address for the second packet,
the second address being within a range of addresses assigned only to the second
firewall node, such that the second address of the second packet does not conflict with
the second address of the first packet;

forwarding the first packet based on the second address of the first
packet; and

forwarding the second packet based on the second address of the second
packet.
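
The following is an added illustration, not part of the claims or the application, of the check recited in claims 14 to 18 and 24 to 26: a node hashes the N-tuple, reduces it by modulo division to a quadrant identifier, sends the packet unchanged when the identifier matches its own node number, and otherwise adds a value to the tuple until it falls in its own region. The 4-tuple layout, the BLAKE2b hash, the choice of the source port as the modified field, the port range, and all names are assumptions.

```python
import hashlib
import ipaddress
import struct
from typing import NamedTuple

# Assumed range of source ports a node may rewrite into (not from the claims).
PORT_MIN, PORT_MAX = 1024, 65535


class FlowTuple(NamedTuple):
    """A 4-tuple address (N = 4 is an assumption; the claims require N >= 2)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def quadrant_id(t: FlowTuple, n_nodes: int) -> int:
    """Hash the N-tuple, then reduce by modulo division to a node number."""
    packed = struct.pack(
        "!4sH4sH",
        ipaddress.IPv4Address(t.src_ip).packed, t.src_port,
        ipaddress.IPv4Address(t.dst_ip).packed, t.dst_port,
    )
    # BLAKE2b is an assumed choice; the claims only say "a hash function".
    digest = hashlib.blake2b(packed, digest_size=4).digest()
    return int.from_bytes(digest, "big") % n_nodes


def translate(t: FlowTuple, node_id: int, n_nodes: int) -> FlowTuple:
    """Return the tuple this node sends the packet with.

    Inside the node's own region the tuple is kept. Otherwise a value is
    added to the source port, wrapping inside the port range, until the
    quadrant identifier equals this node's number.
    """
    if quadrant_id(t, n_nodes) == node_id:
        return t
    span = PORT_MAX - PORT_MIN + 1
    start = (t.src_port - PORT_MIN) % span
    for delta in range(1, span):
        port = PORT_MIN + (start + delta) % span
        candidate = t._replace(src_port=port)
        if quadrant_id(candidate, n_nodes) == node_id:
            return candidate
    raise RuntimeError("no source port maps to this node's region")


def demo(n_nodes: int = 4) -> list:
    """Translate one constructed flow at every node of a 4-node cluster."""
    flow = FlowTuple("192.0.2.10", 40000, "198.51.100.7", 443)  # constructed sample
    return [translate(flow, node, n_nodes) for node in range(n_nodes)]


if __name__ == "__main__":
    for node, out in enumerate(demo()):
        print(f"node {node}: {out}")
```

Because every node only emits tuples whose quadrant identifier equals its own node number, two nodes can never produce the same translated tuple, which is the non-conflict property the amended claims recite.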